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(57) Abstract 

A secure computer controlling access 
to data storage devices via a card reader. A 
microprocessor-controlled card reader inter- 
face logically connected to the card reader 
and the central processing unit (CPU) of die 
computer reads and writes information from 
and to a card placed in the card reader and 
performs additional functions in re^)onse to 
commands received from the CPU. The card 
reader interface includes an encryption en- 
gine for encrypting data in a data storage 
device and a boot ROM containing verifica- 
tion program code executed during an ini- 
tialization procedure. The verification pro- 
gram verifies that a valid user card has been 
placed in the card reader, reads one or more 
questions from the user card, asks the ques- 
tions of the user and verifies the answers 
against the contents of the card. If aulho- 
rizaUon is verified, the card reader interface 
permits the user to access the encrypted daU. 
Otherwise, the user is denied access to the 
data by one or more of the following meth- 
ods: freezing the system bus. and requiring 
the user to reset the computer and re-enter 
the verification program; logically destroy- 
ing the data in the data storage devices; and 
physically destroying the data storage de- 
vices. 
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PREBOOrmOTECriON FOR A DATA SECURTTY SYSTEM 

5 Technical Field of the Invention 

The present invention pertains generally to computer security 
systems, and more particularly to a microprocessor-controUed system for 
controlling user access to and dissemination of secure data stored in a secure 
computer. 

10 Background of the Invention 

There has been an enormous increase in the use of conputers 
for processing and storing sensitive information in a wide variety of 
commercial and govOTiment applications. Computer systOTis have evolved 
from laffge systems with restricted access to sm^ systacm which may be 

15 port^le and easily accessed by several users. As con^xments have become 
more easily accessible and as demand for easy coBEpjter access has spread, 
there has arisen a greasier need for the protectian of sensitive data 

One me&od for securing access to cont^niter systems is to 
restrict the physical acc^ to the con^juter system, however, such restriction 

20 is ineffidOTt for typical computer system installations which fevor shared 
access and increased portability. The cost of securing computer systems by 
restrictii^ physical access is also prohibitive. 

Another method for providing security of sensitive data is to 
use a program to restrict access to the con^mter system. However, fliis 

25 method has drawbacks. For instance, an unaoidiorized user can oftm bypass 
the security program or routines vAnch invoke the security' program to gain 
access to the computer system. Even if the security program proves to be 
diflBcult to bypass, the unauthorized user can singly rmiove the information 
stored in the conputer by removing the memory or monitoring the data bus. 

30 For exanple, a hard drive could be removrf from the corr^niter and installed 
in another con^juter to read the contents of the hard drive. 

To prevent such unauthorized access and retrieval of sensitive 
information, sensitive data may be destroyed either logically or physically. 
Logical destmction requires that any data destroyed be unintelligible to 

35 anotiier user after the destmction process has taken place. The storage media 
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will typically still be reusable. An exannple of a logical destruction program 
is a program which erases tlie sensitive files on a hard drive when an 
unauthorized access is detected. Physical data destruction, on the other hand 
requires catastrophic destmction of the storage media to ensure that the 
5 contents in the storage media are irretrievably lost. 

In some qjplications the program destroying the logical data 
fails to con^letely destroy the data and advanced data retrieval techniques 
may be employed to recover traces of logically destroyed informatioa For 
exaiiple, information on a hard drive of a computer may be recovered by 
10 methods which detect previously written and erased binary words fi-om trace 
magnetic remnants of the words. If the logical destruction methods are only 
partially effective, physical destmction techniques may also be required to 
ensure that the data is destroyed and cannot be recovered 

It may be desirable to restrict access to particular peripheral 
15 devices on a cowpvter or workstation, rather than restricting access to the 
entire conputer system Modem conputer security systems feil to provide 
such restricted access. 

Therefore, there is a need in the art for a conputer security 
system vAnch prohibits unauthorized access and which is not vulnerable to 
20 bypass yet maintains the portability and flexibility inherent in a modem 

cofmpxjtcr system. There is a further need to provide complete protection of 
sensitive data such that the data may not be recovered by bypassing the data 
protection system or by physical removal of data storage devices. Finally, the 
s>rstem must also provide coii^lete destmction of sensitive data to prevent 
25 retrieval of data traces. 

Summary of the Invention 
To overcome these and other shortcomings and limitations in 
the art which will become parent to those skilled in the art upon reading 
and understanding the following detailed description, the present invention 
30 provides a system for controlling access to sensitive information on a 

conputer without conpromising the security of sensitive data The present 
invention restricts computer access to authorized users. In addition, it detects 
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attenpts to imitate an authorized user to gain access. Further, the present 
invention provides for configurable lo^cal and physical destruction of 
sensitive data, and provides means for adjusting the threshold requirement for 
destmction and the level of destruction to suit the degree of security required 
5 for the inforaiation stored on the computer. Finally, the presait invention 
provide a means, under the control of a centralized authorization seciirity 
adfliimstrator, for limitmg access to portions of l3ie overiall con^nit^ system 
depending cm the access privileges configured for each individtial user. 

In one embodiment of the present invention, a micrqrocessor- 

10 controlled card reader interface logically connected to the CPU of the 

conputer reads and writes information from and to an integrated drcuit card 
("card" or "smart card") placed in the card reader. The information read is 
presented to tfie CPU to detemnne v^ether the user is authorized to use tihe 
coinputar; GfU tfien spectres i^pher^s the user is miiiDiized to 

15 aee^. A cmi reader interface board logically connected to the ^iata and 
address buses of a corrputer monitors address bus of the con^uter and 
restocts access to the data storage devices and configurable ports in the 
system and executes a special verification program to vCTify authorization of 
the mar, 

20 According to one embo^ment of the present invention, when a 

valid user card is placed in the card reader one or more questions are read 
from the card and displayed to the user. The user*s responses are compared to 
the correct answers stored on the card and, if the responses match the correct 
answers, frte CPU is allowed to access all pOTph^als the user has been 

25 authorized to use. Computer security is improved by coorcfinating 

idetittficaMon information received from the card, user, and con^juter RAM to 
ensure proper verification. The system requires that the same card, user, and 
computer be used to control access. 

In one embodiment of this invention, the system provides for a 

30 method of initializing and authorizing a user card with a security administrator 
card. Upon a valid security administrator card being placed in the card 
reader, a security administrator initializes and authorizes one or more 
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individual user cards by selecting from a list of menu options displayed to the 
security administrator. The security administrator ii^uts a list of questions 
and answers A^iiich are then stored on the user card for use during the 
verification procedure. 



provides for a hierarchy of access privileges by encoding access codes directly 
on the card vMch allow users with supericn* access privileges to access data 
on computa^ of users with inferior access privileges. The same coding 
system prevents the users with inferior access privileges from accessing the 

10 con^juters of those with siperior access privileges. 

In one embodiment of the present invention, the system 
provides for the physical or logical destruction of data in response to 
unauthorized attenpts by a user to violate the physical or logical integrity of 
the conputer system. The physical and logical destructim of data may be 

15 disabled for maintenance or configuration purposes by use of a maintenance 
card 



20 Numerals are enployed throughout the written description and tfie drawings to 
point out the various features of this invention, like numerals referring to like 
features througjiout. 

Brief Etescription of the Drawing s 
In the drawings, \^4lere like numerals describe like conponents 
25 througjiout the sevwal views: 

FIGURE 1 A is a perspective view of a first embodiment of a 
secure computer system implemented according to the present invention; 

FIGURE IB is a block diagram showing the high-level 
architecture of a first embodiment of a secure computer system irtplemented 
30 according to the present invention; 



5 



In one embodiment of the present invention, the systOTi 



The preceding and other features and advantages of the 
invention will become finrdier q^parent from the detailed description that 
follows. This description is acconpanied by a set of drawing figures. 



wo 95/24696 




PCT/US95/02579 



5 

FIGURE IC is an electrical block diagram showing the 
miCTOprocessor-controUed card reader interface for a first embodiment of a 
secure computer system according to the present invention; 

FIGURE ID is a perspective view of a second embodiment of a 
5 secure con^niter system iri^lemented according to the pr^ent iiwention; 

FIGURE IE is a perspective view of a tbkd embodSment of a 
secure computer system implemented according to the present invention; 

FIGURE 2A is a block diagram of a comp\star system with a 
hard drive and interface board; 
10 FIGURE 2B is a Hock diagram showing how a computer 

s>^an with hard drive is modified to cre^e a secure computer ^^'Stem 
accofdiiig to a second embodknent of the present mvention; 

FIGURE 3 is a block <fiagram showmg flie hi#i level 
aiqhi^diure of a secure cpirpuler system acGordktg to a second enibodiment 
15 of the pr^ent mv^itioii; 

FIGURE 4 is a block diagram showing the high level 
architecture of one emboc&nent of the control ASIC shown in FIGURE 3; 

FIGURE 5 shows a Mock diagram illustr^ing the operation of 
one embotfimmt of the data steering network slrown in FIGURE 3; 
20 FIGURE 6 is a block diagram showing the loader program and 

verification program resident in the read only memory (ROM) of one 
embodiment of the card reader interface board of FIGURE 3; 

FIGURES 7A, 7B, 7C, and 7D are a flow diagram showing 
program steps taken to initi^ize and execute the security portion of a secure 
25 conqjutCT system program according to the present invoation; 

FIGURE 8 is a block diagram showing a hierarchy of access 
for users of a secure coir^juter system; and 

FIGURE 9A and FIGURE 9B illustrate a pictorial display of 
one embodiment of a mounting scheme used to co-locate a card reader and 
30 hard drive. 
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Detailed Specification of the Preferred Embodiments 
In the following detailed desaiption of the preferred 
embodiments, reference is made to the accompanying drawings \\iuch form a 
part hereof, and in vvWch is shown by way of illustration specific 
embodiments in vMch the invention may be practiced It is to be understood 
that other embodiments may be utilized and stmctural changes m^ be made 
without departing firom the scope of the present inventioiL 

FIGURE 1 A shows the conponents of a conputer system to be 
secured with a card reader interface according to a first embodiment of the 
present inventioa This embodiment was shown in U.S. Patent No. 5,327,497, 
issued July 5, 1994, by Mooney, et. al. The conputer system includes a 
keyboard 101 by vAnch a user may ii^ut data into the system, a confer 
chassis 103 vMch holds electrical conponents and peripherals, a screen 
display 105 by which information is displayed to the user, and a pointing 
device 107, the system components logically connected to each otfier via the 
internal system bus of the conputer. A card reader 1 1 1 is connected to the 
secure conputer system via card reader interface board 109. The preferred 
card reader 111 is an Amphenol® "Chipcard*' acceptor device, part number 
702-10M008 5392 4794, which is compatible with International Standards 
Organization (ISO) specification 7816, althou^ one skilled in the art would 
readily recognize that other card reader devices vAddti c<Mifoim to ISO 7816 
may be substituted. 

In order for the con^puter system to be secured, a card reader 
interface is integrated into the conputer system in a manna- similar to that as 
revealed in FIGURE IB. A card reader interfece board 109 contains a 
microprocessor 1 16 connected to the CPU of the conputer via a second data 
bus 1 17, connected to RAM 127 via a third data bus 131, and connected to 
the card reader 1 1 1 via a fourth data bus 133. The interface board 109 is 
typically inplemented with printed circuit board tedmology, although other 
equivalCTit technologies may be substituted without loss of generality. 
Peripherals 121 within conputer 103 are controlled by the CPU 123 and PLD 
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129 with a power control circuit 1 19, which turns power off and on to 
peripherals 121. A system boot ROM 126 logically connected to the CPU 
123 to start executiiig a non-volatile program contained in PLD 129 upon 
initialization of tfie computer during power-n>, clear, or warm-boot reset. 
5 An IC card 1 15 is used in conjunction with card reader 111. 

The preferred card 1 15 is a MICRO CAM)® or GEMPLUS® card (for 
exattiple, Scot 100, TBtOO, or COS IC cards), which is conapatible with ISO 
7816. By conforming to this standard, the card 115 enable the support of 
Data Encryption Standard (DES) data encryption and deoyption fimctions. 

10 Cktc sldHed in the art would reacfily recognize that otfi^ cards w*iich confonn 
to this standard and provide data encryption and cfecryption functions n^y be 
substteed The ability to encrypt md decrypt data is important, since the 
present invenacm is ^^ned to ensure tet unerraypted sensiMve cteta does 
not reside in 0*U ^v^ere it cmid be read by an u£rauthori23id user. 

15 The schematic for card reader interface 109 is d^cribed in 

greater detail in FIGURE IC. ^ficroprocessor 116 is powwed by circuit 135, 
and controls system fbn^dons via connections to the system d^ bus 125. 
System resets are initiated by clear line 137. Validation and authorization 
mfonnatton is transfonred between tfie microprocessor 1 16 and RAM 127 via 

20 the third data bos 131 in coiijunction wi& address or data select line 141, 

strobe line 143, and cMp select line 145. Backup powCT is provided for RAM 
127 by a +5 voU lithium battery 139. 

The microprocessor 1 16 communicates with system data bus 
125 as a serial communications device using CTS line 147, DTR line 149, 10 

25 MHz clock line 151, serial data out line 153, and serial data in hue 155. A 
separate 3.5 MHz clock line 157 is used to provide a clock signal to PLD 
129, which is used by the microprocessor 116 for card reset control via line 
159, card serial data control via line 161^ and card interrupt control via line 
163. The PLD 129 in turn connects to the card via card serial data contact 

30 177, card clock contact 179, and card reset contact 181. 

Moroprocessor 116 siso has the abihty to control the physical 
destmction of data within the con^^uter system via line 165. A physical 



wo 95/24696 — PCTAUS95/02579 



8 

destruction device may be triggered using line 165 as a destruct signal. For 
exanple, line 165 may be connected to a n^hanism containing a chemical 
solution vsdiich is sprayed onto a hard disk contained in the secure conputer 
system v^^en an unauthorized user attempts to violate the physical or logical 
5 integrity of the conputer system Several destmct mechanisms are taught in 
the prior art, and one of ordinary skill in the art would recognize that otiier 
equivalent destmction chemicals and mechanisms be substituted without 
loss of generahty. 

The microprocessor 1 16 uses power control line 173 with 

10 switch 171 and +5 volt relay 175 to provide powCT to the card via card logic 
voltage si^jply contact 183 and card programming contact 187. The card is 
grounded via card ground contact 185, and detected by applying power 
through card detect power contact 191 to microprocessor 1 16 by card detect 
contact 189. Card contacts 193 and 195 and line 197 are reserved for future 

15 use. 

FIGURE ID shows the con^nmts of a second embodiment of 
a secure covapater system according to the present inventioa Secure 
conputer system 100 includes a kQix)ard 101 by which a user may input data 
into the system, a coirqDuter chassis 103 which holds electrical conponents 

20 and periphCTals, a screen display 105 by which information is displayed to the 
user, a secure hard drive 113, and a pointing device 107, the system 
conponents logically connected to each other via the internal system bus of 
the computer. A card reader 1 1 1 is connected to the secure conputer system 
via card reader interface board 109. As in the first embodiment, the preferred 

25 card reader 11 1 is an Anphenol® "Chipcard" acceptor device, part number 
702-10M008 5392 4794, which is compatible with bitemational Standards 
Organization (ISO) 7816 specifications. One sidlled in the art wotild readily 
recognize, however, that other card reader devices \^4iich conform to ISO 
7816 may be substituted FIGURE ID shows card reader 1 1 1 and secure hard 

30 drive 113 co-located in a single peripheral bay. Other mounting techniques 
are available, however, which would not modify the scope of the present 
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invention, for example, positioning card reader 1 1 1 externally as shown in 
FIGURE IE 

FIGURES 2 A and 2B illustrate the modifications required of a 
standard personal con^uter system 705 in order to create a secure computer 
5 system IGO accordtng to the present invention. FIGURE 2 A is a simplified 
block (fiagram of a coif9)iiter system 705 commoEily found in the prior art 
Central proces^ng linit (CPU) 290 is eonneca^ to dedicated hard drive 
controller logic 710 v^ch serves as an in^-fece for the computer systmi to 
hard drive 113. Typic^, hard drive coBtroBOT logic 710 is a printed drciiit 

10 board vMdtt is inst^ed in the baclqplane or fettegrated into the nK)liiaix)ard of 
conq>uter 100, and hard drive controller logic 710 is connected to hatd drive 
113 mMga intdticofrfi^OT c^te fferd drive 113 may be moiirted 
octerti^ to ec*i^3ta©r 705, or int^^iaUy. 

Fi<3lME 2B shows how Ae staitdard personal computer 705 is * 

15 converted to a secure computer syst^ according to one erabocfin^t of ttie 
present invCTtion. In FIGURE 2B, seciffe con^uter system 100 is fonrod by 
adding integrated c^^it (IC) card 1 15 and attaching card reader 111, cable 
730, and card reaikr interface board 109 to system 705. Card reader 1 1 1 rmy ^ 
be addi^ to flie system by removing cable 720 fixMn hard drive 1 13 and ifr 

20 com^^^ir^ it to card reacfer interface board 109, then connectmg card reader l 
111 to card readwintCTfece board 109 via c^le 731. I^rd drive 1 13 is 
connected to card reader interface board 109 using cable 730. 

Card reader 111 acts in concert wth card reader interface board 
109 to limit access to sensitive data stored both on hard drive 1 13 and card 

25 reader intofece board 109. Integrated circtiit caid 1 15 is prq>rogrammed with 
information used to verify that the user is authorizied to access the sensitive 
data stored on hard drive 1 13. Security for sensitive data stored on hard drive 
1 13 is provided by requiring a minimum of three distinct sources of 
authorization verification information in order to access the sensitive data In 

30 order to gain access to the sensitive infonrntion stored on hard drive 113, 
bodi card 115 and card reader interface board 109 must present proper 
identification information and the user must enter a series of predetermined 
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answers to a series of predetermined questions. If any of the sources of 
identification information is incorrect, board 109 may prevent access to the 
secure computer system 100 by fi-eezing the system bus 292 (requiring cycling 
of the S5^tem power to reset secure computer system 100), logically 
5 destroying any sensitive data on the system, or physically destroying the 
storage devices containing sensitive information. 



specified in greater detail using the following figures. FIGURE 3 is a detailed 
electrical block diagram of the secure computer system 100 of FIGURE 2B, 

10 showing connections between card reader interfece ^board 109, card reader 
1 1 1, secure hard drive 1 13, and central processing unit (CPU) 290. In the 
presoit invention, indqjendent, dedicated data buses are enployed such that 
card reader interface board 109 communicates with card reader 1 1 1 via card 
readCT bus 225, hard drive 1 13 via hard drive bus 272, and CPU 290 via hard 

15 drive controller logic 710 and system bus 292. (hard drive bus 272 is 

analogous to cable 730 of FIGURE 2B and system bus 292 is analogous to 
: cable 731 of FIGURE 2B.) Hie utilization of independent dedicated data 
buses for communications with card reader 111, hard (hive 1 13, and CPU 290 
decreases the diances for retrieval of sCTsitive data and OTcryption 

20 information, since system bus 292 transfers only unencrypted d^ to the 
con^uter system fi-om card reader interface board 109. An unauthorized 
intruder would have to monitor all three buses to attempt to decipher the 
enoyption codes used and the mediod by vsiiich tfie security system interacts 
with the coiiq>uter system 

25 FIGURE 3 also shows the intercoimections of the conponents 

on card reader interface board 109. In one embodiment, the card reader 
interface board 109 contains a Zilog Z86C61 16 processor 220 for controlling 
data transfer between card reader 1 1 1, hard drive 1 13, and CPU 290. The 
Z86C61 16 is an 8-bit data bus, 16-bit time-multiplexed address bus 

30 microprocessor specified in the Zilog Z8 Microcontrollers Book, DC8305-01 
(1993), wiiich is incorporated herein by reference. OthCT microprocessors may 



The details of one embodiment of the present invention will be 
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be readily substituted without materially aflfecting the scope of the present 
invention. 

Processor 220 controls the transfer of data on card reader 
interface board 109 by issuing comnmids to control ASIC 230. Control ASIC 
5 230 acts as "^^e logic," under omtrol of processor 220, coordinating the 
operation of data steering network 240, dphef eiigifie 270, and processor 220 
to control information transfer betwem GPU 290, RAM 260, and hard drive 
113. 

Efata steering network 240 is an 8-bit controHable input and 
10 oir^ut port cfrcuit deigned to aBow pfX)cessor 220 to communicate with 

RAM 260 and ciph^ engine (CE) 270, but to prevent unauiiorki^ access by 
a user contraBing system bus 2^ to retrieve fitMH RAM 260. FIGURE 5 ^ 
is a block ife^pam sh^30iv^ &e eperadon of Ae dsfta steering ne^^roik 240. ^ 

15 bidire^i^i^ parcel muleteer ^vsMch Mnits data fif^nsf^ from prcK^essor 220 ^ 
to RAM 260, or alteir^vely to CE 270 (and, therefore, pote^ally to system 
bus 292 ifport A 274 md port C 278 of CE 270 is connected). Attemptsto ^ 
read information fr«n the address space assigned to RAM 260 v^di ^ 
origmate from Ae system bus 292 are in^ssible, ^ce RAM 260 is logically ^ 

20 isolated such that no addr^ ^>ace exists from systCTi bus 292 to access 
RAM 260. 

Reftinung to FIGURE 3, m one enibodin^t cipher engine (CE) 
270 is an 8-bit NSA certified DES encryption engme rreetii^ ^^ecificadon 
DES 3. Such a device is manufectured by Con^uter Hektronik as p^ 
25 numl^ CE99CQQ3, FurthCT information detmMng the operation of that 
embodiment of CE 270 may be found in CE Infosys 99C003 Data Sheet 
Veision 1.01. 

CE 270 is controlled by processor 220 via data steering 
network 240 by commands received at port C 278. CE 270 may be instmcted 
30 by processor 220 to provide a data path between port C 278 and port A 274 
(no encr>ption) or between ix)rt A 274 and port B 276 (DES encrypted data 
output from port B 276, and nonenoypted data from port A 274). During 
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system initialization a data path between data steering network 240 and 
system bus 292 is created using port C 278 and port A 274 A\iiereby 
nonencrypted data can be transferred under control of {processor 220 to system 
bus 2S>2 via hard drive controller logic 710. Once user authorization is 
5 verified and there are no pending security violations detected, CE 270 uses a 
key to DES encrypt data transmitted by port B 276 to hard drive 1 13. 
Similarly, CE 270 deciphers encrypted data from hard drive 1 13 and presents 
it to system bus 292 via hard drive controUer logic 710 v^en port A 274 to 
port B 276 charmel is allowed. One skilled in the art would readily recognize 

10 that other cipher engines v^ch conform to the above-mentioned standards and 
siq3port data encryption may be substituted without materially modifying the 
spirit and scope of the present invention 

RAM 260 is subdivided into secure and open segn^ts by 
memory m^ing the secure segments such that they are accessible only to 

1 5 processor 220. This prevents both accidental and intentional loss of secure 
information from the RAM 260 to the system bus 292. RAM 260 is 
addressable only by processor 220 and contains DES base kernel key 
encryption information and answers to verification questions retrieved from 
card 1 15 by processor 220. The open portion of RAM 260 contains the 

20 verification questions retrieved from card 115 and other nonsensdtive data. 

As can be seen in FIGURE 6, ROM 280 contains loader 
program code 610 and verification program code 620 used by the CPU 290 
upon initialization to load and execute the verification program Since 
standard BIOS routines attempt to boot from the C: drive the use of ROM 280 

25 in concert with processor 220 and control ASIC 230 to simulate a C: drive 
allows the present invention to be used in the standard IBM conpatible 
personal con^juter without having to modify the system BIOS (basic 
input/output system). 

Card 1 15 is used with card reader 111 under control of 

30 processor 220 to provide the conputer systan 100 with information 

concerning DES key encryption, verification questions and answers, user 
access privilege level, expiration date, origin of card issuance, and card usage 
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history. As in the first embodiment, the preferred card 1 15 is a MICRO 
CARD® or GEMPLUS® card (for example, Scot 100, TBIOO, or COS IC 
cards), which is con^atible with ISO 7816. One skilled in the art would 
readily recognize that other IC cards vMch conform to this standard and 
5 provide data encryption and decryption functions may be substituted without 
materially mto^iytog the spirit and scope of the present tnventicMi 

ucmcAL & mmmcAL destimt HAM>Wig^ 

Control ASIC 230 also monitors atten^ted unauEhorfezed 
retrieval of data fix)m #ie protected storage devices arid presents information 

10 to pr€K:essor 220 if control ASIC 230 detects an attempted unauHiorized 
access. Processor 220 momtors signals firom the cx)iitrol ASIC 230 and 
comn^^ confrol ASIC 230 to issue a command to eitfier logically or 
physically d^troy protected kifbrm^m m RMA 260 or secure hard drive 
113. L^gied Instruction of data on file RAM 260 is aceon^fished by 

1 5 asserting trigger signal 211 emanating from processor 220, clearing the 

contents of RAM 260. Logical destruction of the sensitive data on hard drive 
113 follows naturally, since the DES encryption key synthesis information is 
destroyed v^^en the RAM 260 data is destroyed, and, without the DES key, 
the information on hard drive 113 is logically irretrievable. Physical 

20 destruction of data can also be accon^Mshed by asserting physical destmct 
sig^ 212 emanatii^ Srom processor 220, as a means of triggering a physical 
destruct package 213. As in tiie first embodiment several pAij^ical destruct 
padcages are disclosed in the prior art, siK:h as a ferric cWoride spray or 
plastic explosive package. 

25 Card reader interfece board 109 also contains an octra defense 

a^nst physical tampering. In one embodiment, a transistor circuit 210 is 
used to r^idly erase the contents of <tynamic RAM 260. In such an 
embodiment, circuit 210 grounds flie power pin of RAM 260 to erase the 
contents of RAM 26Q. In nomial operation, trigger signal 21 1 is not asserted, 

30 thereby aliowtng the collector of transistor circuit 210 to remain at a voltage 
of qjproximately Vcc. In this mode of operation RAM 260 is powered by the 
siqiply voltage Vcc whereby current travels throu^ diode 261 and fuse 263 to 
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RAM 260. If power is intem^ed the battery 200 provides current to RAM 
260 through diode 262 and fuse 263. 

When the trigger signal 21 1 is asserted (by processor 220) the 
collector of npn transistor 210 is forced to a low voltage and current flowing 
5 through diode 261 is sufficient to bum the fiise 263, thereby allowing the Vcc 
terminal of RAM 260 to drop to zero volts and erasing the logical contents of 
RAM 260. Alternatively, if the battery 200 is sillying RAM 260 with 
current, the trigg^ signal 211 will cause sufficient current to flow through 
fuse 263 to bum fiise 263, and again, the voltage at the Vcc terminal of RAM 

10 260 will drop to zero volts and erase the logical contents of RAM 260. 
FVocessor 220 can initiate the logical destruct feature if control ASIC 230 
alerts processor 220 that an unauthorized access is being attenpted 

The logical and physical destruct mechanisms described provide 
sevCTal difiFerent levels of data security, hi one embodiment of the present 

1 5 invention there are five selectible security levels: 

1) Freeze the conputer system bus, requiring a "cold boot," 
(power off and thai on or "reset"); 

2) AltCT the contents of the integrated circuit card so diat 
the card must be updated to be authorized for another session; 

20 3) Clear RAM 260 of the stored kernel for the encryption 

key; 

4) Logical destruction of RAM 260 memory, requiring 
reinitialization of RAM 260 before anotfao: session may be performed on the 
conputer system; and 

25 5) Physical destmction of computer system memory. 

CXher security levels are possible and those skilled in the art will recognize 
that combinations of these levels of security are possible without departing 
fi-om the scope and spirit of the present invention. 
INTERFACE BOARD CONTTROL & (XIMMUNICATIONS 

30 Activities on the card reader interface board 109 are 

coordinated in part by code "burned into" an internal ROM in processor 220 
and in part by execution of an authorization verification program as detailed 
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below. This allows processor 220 to respond to commands issued by CPU 
290 during the authorization verification program execution, yet maintain 
security of sensitive data on card reader interface board 109 by acting as a 
dedicated controller of sensitive DES encryption data and authorization data 
5 Processor 220 communicates with control ASIC 230 to control data steering 
network 240 and ROM 280, atid controls CE 270 u^ffig commands issued on 
bus 222 to GE 270 via data steering network 240. Processor 220 is solely 
responsible for communications with card reader 111, vMck enhances the 
overall security of fee present invention since sensitive (fata is not placed on 

10 the system bus 292 vhsrc it is vulnerable to retrfevd. 

Control ASIC 230 is connected to ROM 280 and data steering 
network 240 using bus 223 and is also conneisted to the monitor and freeze 
ODiitrol lines of QRJ 290 which ^ov^ contpol MIC 230 to "freeze" s>^t^ 
bus 292 i^n d^aiaad fey freezing the system bus 292 if a prohibited access is 

15 detected over the monitor lines. Control ASIC 230 ^snds a signal to m 
processor 220's INT interrupt 221 when it freraes system bus 292 to inform ^ 
processor 220 that the bus was frozen, since processor 220 is not connected to i^,- 
system bus 292. ^ 
Control ASIC 230 contains a counter (not shown) which counts 3:. 

20 the number of "sectors" retrieved from ROM 280 durmg boot and loading 
frmcdons (described below) to simulate a hard drive inter^^ to CPU 290. 
FVocessor 220 is notified by control ASIC 230 when the last byte of program 
information is read from ROM 280 by CPU 290. Cipher Engine 270 routing 
is controlled by signals from processor 220 to control ASIC 230, and may be 

25 programmed to connect port A 274 to port C 278 to allow processor 220 to 
communicate with system bus 292 (and CPU 290), or connect port A 274 to 
port B 276 to aUow CPU 290 to communicate with hard drive 1 13 once 
security conditions have been satisfied, as detailed below. 

FIC5LKE 4 is a block diagram of the fundamental components 

30 of control ASIC 230. Confrol ASIC 230 inchides a control register 950 with 
bits ^signed fi>r the control of data steering network 240 and ROM 280 via 
control port (CP) 910. These bits control vsdiether bus 222 is connected to 
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RAM 260 or CE 270 via data steering network 240. Similarly, the control 
bits assigned to the control of ROM 280 assist in the simulation of a C: drive 
during the BIOS initialization which is detailed below. Control register 950 is 
programmed by instructions from processor 220, and the status of the control 
5 bits may be determined by reads from processor 220 of status register 960 via 
processor port 980. INT port 900 is also connected to the control and status 
registers, and indicates ^^ilen the systOTi bus 292 is "frozen" when a security 
violation is detected as described above. 



10 programs registers (not shown) in bus address monitor 930 by transmitting 
mask words to these registers via processor port 980. Each mask word 
conprises a programn^le template identifying authorized peripherals for the 
particular user as defined by the card 115 v^en issued by the security 
administrator during the authorization visit, described below in the 

15 SECURITY ADMn^flSTRATOR AUmORIZ^ Control 
ASIC 230 is ccMinected to system bus 292 (as . shown in FIGURE 3) via bus 
port 920, and can thonefore monitor the atten^ted accesses on system bus 292 
and compare them with the tenplates stored in bus address monitor 930 using 
combinational logic 940 to determine if an unaudiorized peripheral access has 

20 been attempted If an unauthorized peripheral access is attenpted one 

embodiment of the present invention will fi:-eeze the system bus 292; secure 
conputer system 100 remains unusable until a power cycle of conputer 100 
(to reset confer 100) is perfonmed Port 920 of control ASIC 230 is 
connected to hard drive controller logic 710, as shown in FIGURE 3, in order 

25 to control access to hard drive 1 13 in a manner known to those skilled in the 
art. 



peripheral devices such as serial and parallel ports, netwoiks, and A or B 
floppy disks. Bus address monitor 930 monitors normal BIOS references 
30 during initialization, such as reset, warm, or power-up boot, and monitors to 
detect attended prohibited accesses to denied peripheral devices as defined 



In one embodiment of the present invention, processor 220 



Bus address monitor 930 monitors system bus 292 references to 
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on card 1 15 during the authorization visit (see SECURITY 
ADMINISTRATOR AUTHORIZATION VISIT section below). 
DATA STEERING NETWORK 

Dafe steering network 240 is shown in a simplified block 
5 diagram in FIGURE 5. Dato steering netw€ik 240 essentially acts as a 

bidirectional, ei^t bit parallel, steerable data channel. Control ASIC 230 can 
control whether the eight bit bus 222 fit)m processor 220 is connected to 
RAM 260 or CE 270 by decoding tte address on bus 222 and selecting input 
20 of the data steering networic 240. Control ASIC 230 can also disable the 
10 data steering network 240 by togging liable i^ut 30 of data steering 
networic 240. This c^>eration also msures ibat CE 270 is never directly 
connected to RAM 260 via data steering network 240, adding to the 
protection of daita stored in RAM 260. 



TYPES OF C^QS AM> TtMl HMCHCIJ ^ 

15 There are essentially three types of cards: maintenance, issuer, ^ 

and us^ cards. The maintenance card allows the user to access the system #■ 

only for cfiagnostic purposes, but no saisiti ve data is accessible using the #r 
n^intenance card An issuer card is the topmost card of the security 

hierarchy. It enables the issuing program to configure a plurality of ^ 



20 subordinate u^ cards. In one mibodbnent, user cards c^ create subordinate 
usff cmtls and aHow the user to access peripherds per privilege granted by 
the issu^ durix^ card configuration The user cards liable users to access the 
secure information on con^>uter 100. 

One enixxliment of tfie security hierardiy is shown in FIGURE 

25 8. Box 500 represents an issuer card called the issuing office card Box 501 
is also an issuer card called the security administrator's card. The issuing 
office card 500 is used to create the security admintstrator's card 501, v^ch 
in turn creates subordinate user cards represented as the remaining boxes in 
FIGURE 8. In tins embodiment, the issuing office card 500 may not access 

30 data in con^uter system 100; its purpose is to create subordinate user cards, 
such as cards 510, 530 and 540. 
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SECURITY ADMINISTRATOR AUTHORIZATION VISIT 

The next section of the specification of the present invention 
requires a discussion of the information stored on the user card 115 prior to 
the first use of the card 1 15 by a user. A special card issue program is run on 
5 a conputer system 100, as shown in FIGURE ID, wWch programs the user 
card 115 pursuant to ISO 7816 specifications. This progi ai m ni ng is typically 
done by a security administrator wiio is responsible for determining the scope 
of authorization of the particular user. Such a session is called an 
authorization visit. 

10 The card issue program used to conduct an authorization visit 

win store in separate registers located on card 115: e?q)iration date of the 
card; the code associated with the issuing oflBce; the peripherals which this 
particular user may access with this card; a code identifying the card as a 
maintenance card, issue card, or user card; the level of authorization of the 

1 5 user of the card (see the ACCESS HIERARCHY discussion of FIGURE 8, 
below); a series of questions used to identify the user; and Aeir associated 
answers. 

A "first use" register is also dedicated to indicating wiiether the 
card has been used before to allow the system to identify first use. First use 

20 presents an opportunity to configure conputCT systmi 100 by storing in RAM 
260 sensitive data pertaining to the specific user. In the event the information 
on RAM 260 is erased, the first use register indicates that the card 115 was 
used at least once and the user wiU be required to report to the security 
administrator to have the card reissued before secure coirputer system 100 

25 will accept it. 

A retry counter register is also programmed during the 
authorization visit wiiich contains a v^ue specifying the number of errors a 
potential user can make in answering the user identification questions before 
the system terminates the verification process. In addition, certain information 
30 is stored in the card automatically under ISO 7816 specification, such as the 
type of card vAnch is being used (for exanple, MICRO CARD® or 
GEMPLUS® cards) and the amount of memory available on the particular 
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card One skilled in the art would readily rCGOgnize that the information 
stored on the card may be stored in other configurations without materially 
modifying the scope and spirit of the preset invention. For example, the 
number of questions may be varied without materially changing the inventioa 
5 QUESTIONS AMD ANSWRS USED FOR IDENTIFICA^QN 

A series of questions are posed in a consistent format, and the 
answers ffl^ recorded to identify a particular usw. For exarrple, one question 
the usCT mi^ be asked is: "\^^iat is your favorite color?" The user should 

10 respond with a text string enfay v^ch matches the pnerecorded answer. 
Tlrenrfore if the user respom^: "Bhie", but the answer was presnscorded as 
"B@L$U*E!", Ike response wHl be incorrect and, depending <m fee value set 
in fee retiy counter, fee user nmy be deJiied acc^s or dlowed to ai^wer 
ant^feer question. O^e embodtaent ©f fee present inv^tion mm ^^gin 

15 questier^ to identify the user. Such an ^»x>adi reduces the chance ah 
unauthorized user can acquke fee correct respcHises through surreptittous 
nseans. It should be obvious that any subconabination of fee fifteen ^pestions 
may be used fbr identificatioh pui^ses. In one mibodin^t of fee pr^ent 
invention, a random number genoBtor decides fee number of questions to 

20 (miiiinium three), and fee particular questions selected However, it is clear 
tl^ fee number of qu^ons and Ihsir selection process may be alte^ 
wifeout materially altering the scope of the present invention. 
INITIALIZATION OF THE SECURE COMPUTER SYSTEM 

FIGURE 7 shows a flow digram detailing the procedure by 

25 which fee present in\'ention acquires control of fee con^juter for user 

identification and verification purposes i^n an initialization such as power 
v^), clear, or warm boot reset Those skilled in fee art will readily appreciate 
that minor modifications to fee order or exact inplementation of fee following 
steps Avill not materially modify eifeer fee scope or spirit of the present 

30 inventioa Upon initialization, at step 704 fee standard conpuier BIOS will 
query fee con^uter s>^tem to detoroine fee present configuration of fee 
system. Processor 220 is programmed to monitor and save BIOS routine calls 
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made by the secure computer system's BIOS during step 704. Control ASIC 
230 assists processor 220 in monitoring and memorizing the BIOS routine 



purposes to ensure that subsequent reboot of the con^niter system with the 
standard operating system conforms with the initial pattera Such a check 
verifies that the system BIOS is, indeed, in control of the subsequent reboot 
process. This prevents loading of another system BIOS to bypass the security 
system in order to access sensitive data. 



intCTface board 109 is designed to simulate the presence of a hard drive. At 
initialization, CPU 290 executes the standard BIOS routine of loading the first 
"one and/or two sectors" fi-om the C: drive. Card reader interface board 109 
intercepts the read issued by CPU 290 and directs it to ROM 280. As is 
illustrated in FIGURE 6, ROM 280 contains loader program code 610. 
TTiCTefore the first one or two sectors of the "C: drive" are read fix>m ROM 
280. (Whether one or two sectors are loaded depends on the type of CPU 
290, speed of CPU 290, and type of BIOS used by the conputer system.) 
Loader pjrogram code 610 is then executed by CPU 290 to retrieve, at 709, the 
remaining "sectors" oif ROM 280. Those sectors contain a verification 
program (620 of FIGURE 6) used to verify the authorization of the user to 
access the system. Control ASIC 230 monitOTS the loading process, informing 
processor 220 at step 712 whoi the last byte of code is loaded into CPU 290 
so that processor 220 is aware that the verification program is about to 
execute on CPU 290. Processor 220 then generates, at step 713, unsolicited 
card status fi-om card reader 111. Meanwiiile, at 714, CPU 290 executes 
verification program 620. When unsolicited card status has been retrieved, 
processor 220 instructs control ASIC 230 to connect processor 220 to system 
bus 292 via data steering network 240, CE 270, and hard drive controller 
logic 710 (step 721). Processor 220 then transmits the status of card reader 
1 1 1 to CPU 290, however, the verification program will loop until unsolicited 
card status is received fi-om processor 220 (step 722). 



calls. The memorized calls are then used as a tenplate for conparison 



As detailed above, the hardware present on card reader 
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USER AUTHORIZATION VERIFICATION PROCEDURE 

At this point, the processor 220 is actually eontroUing system 
bus 292 using handshaking lines, yet processor 220 is responding to requests 
made by CPU 290 throu^out the execution of tfie veriication program. CPU 
5 290 receives an intemapt indicating that a card was inserted, and vviiether a 
conductive card is preset (steps 724 and 728). If no card is present, then a 
mesisage to "insert card" is flashed to the opCTator on displ^ 105 (step 726). 
If the card 115 is conductive, then the system bus 292 is frozm and the 
verification process is tenninated (step 736). If the rard 115 is 

10 nonconductive, then power is ^^tied to the card rcad^ 111 (step 729). Upon 
powen^, die card 115 issues an unsolicited reset iiKss^e vMch is transferred 
to the CPU 290 by processor 220 (step 732). Processor 220 resets card reader 
1 1 1 by holding the ^T signd (224 of FIGURE 3) low (active) for a 
sp^ified time as defined by ISO 7816-3, and th^ raises the signal to indicate 

15 md of reset to <^rd 1 15. Card 115 issues a r^et message to processor 220 
via card reader 111 vAnch identifies vvdiether the type of card bd^ used is 
MICRO Ci^RIXg) or GEMPLUS® (per ISO 7816, MICRO C>«IDCE) and 
GEMPLUS® Technical Manuals) (step 734). If the card 1 15 is not an 
acceptable card, then processor 220 freezes the system bm 292 asd terminates 

20 the audiorization process (step 736). If the card is accepted as potentiaUy 
valid then die verification program detarniines if the card was issued by the 
correct issuing office {step 742). The e?^iiration date is also retrieved from 
the card by processor 220, but must be sent to CPU 290 because processor 
220 does not have a clock/calmdar to conpare the expiration date (step 744). 

25 If either of the tests in stq>s 742 or 744 fail, then system bus 292 is frozen by 
processor 220 and the verification process is stopped (step 736). If die card 
115 meets the previous tests, then CPU 290 instructs processor 220 to read 
several questions and their associated correct responses from the card 1 15 and 
load them into RAM 260 (step 746). In one embodiment of the present 

30 invention, the answers are stored in the secure area of RAM 260 and the 
questions, v^ch are nonsensitive, are stored in the open area of RAM 260. 
The user is then queried for reqxmses to questions read firan card 1 15 and 
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must answer the questions conrectly to gain access to the conputer. The first 
question is displayed to the user (step 748), an operator respjonse is received 
by CPU 290, formatted, sent to processor 220, and compared by processor 
220 with the answers stored in the secure space of RAM 260 (steps 752 and 
5 754). A retry counter located in pirocessor 220 is incremented each tin^ an 
error is made in answering the questicMis, and is preprogrammed by the 
security administrator to temnnate the verification program if the number of 
erroneous responses exceeds the preprogranmied value (stq)s 758 and 736). 
This protection is installed to prevent an unauthorized user of a card fi-om 

10 repeated guesses of the correct answers to the posed questions. 

After the last question is asked (step 762) the DES encryption 
key is calculated (step 764). hi one onbodiment of the present invaition, the 
key is calculated using usct unique binary information stored on the card 1 15 
and in the RAM 260. This allows flie program to calculate unique keys even 

15 if the key generation equation is identical fi*om user to user, since the iiq>uts 
identifying each user will be dependent on the answers given by the user, and 
therefore, the calculated key will be unique. Another embodiment of the 
present invention will have the verification program pronq>t &e user with an 
additional question to assist in the key randomization process. Alternate 

20 embodiments of the present invention could insat such a question at any 
point in the verification program prior to the key geno^tion step. In one 
embodiment of the present invention, the key generation algorithm is given by 
the pseudocode shown in TABLE 1; 



25 TABLE 1 
BEGIN: 

read the binary cJata from card 115 associated 
with the prerecorded questions and answers; 

reduce the binary value by powers of nine; 
30 store the carries generated in a register to form 

a random n\imber; 

exclusive or the random number generated in the 
previous step with data stored in RAM 260 of secure 
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corrputer system 100 to generate 16 strings of 64 bits, 
which will serve as potential keys for encryption; 
load the sixteen keys into CE 270; 



number; 

use that key for enciryptibn purposes; 

10 However, it will be clear to those skilled in the art that other formidas may be 
used without materially modifying the spirit md scope of tfie present 
invention. 



encryption table, into tiie CE 270 (step 772), so that the CE 270 will be ready 

15 for encFyption if the test of the loa#ig is passed (step 774). If the table is 
not loaded correcliy, then the verification p^C)^Bm will termitiate {stsp 736). 
If the table is loaded correctly, the processor 220 revievs^ the. CTitoe history of 
the venfication sequence (776) to ensure diat all of the requimi tests have 
passed (778) before connecting the s>^em bus 292 to CE 270 (782). If, at 

20 778, ail required tests have not passed correctly, the vaification program is 
terminated at stqp 736. Otherwise, the CPU 290 will then boot fix>m hard 
drive 1 13 in ordsr to execute the disk operating system for secure ootjoputsr 
100 (step 784), Processor 220 monitors tins reboot jjrocess usii^ control 
ASIC 230 to monitor the BIC^ routine calls to ensure that the native ^stem 

25 BIOS is properly rebooting the con^niter from hard drive 1 13 (step 786). If 
any unauthorized accesses are attempted, system bus 292 is frozen and the 
verification program terminates (steps 792 and 736). Unauthorized accesses 
include: unauthorized access of peripheral (monitored by bus address monitor 
930 on control ASIC 230), and atten^ts to boot from the A: instead of C: 

30 drive (monitored by processor 220), (step 788). If no unauthorized accesses 
are detected, tiie program will allow the user to use disk drive 1 13 until the 
session is terminated by the user via removal of card 1 15 or sj^tem reset (stqD 
794). Once the user is done, system bus 292 will be frozen and the conputer 



5 



generate a random niamber between 1 and 15; 
select one of the sixteen keys using the random 



After the key is generated, it will be loaded, along witfi an 
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100 must be power cycled (to reset conputer 100) before another session can 
take place (step 736). 
ACCESS HIERARCHY 

FIGURE 8 shows one embodiment of a hierarchy of secured 
5 access codes among a multiuser organization- The present invention teaches a 
hierarchy coding method used to generate families of access codes which 
f)ermit horizontal and vertical segregation of access codes within an access 
hierarchy. As shown in FIGURE 8, the access code is designed to allow a 
superior of a subordinate user access to the connputer of the subcffdinate, but 
10 only if the siq)erior has access in the same vatical portion of the user 

hierarchy. For exan5)le, referring to FIGURE 8, user 520 cannot access the 
inforaiation on user 510's conyuter (520 is subordinate to 510), but can 
access the infomiation on the conqjuteis of users 522. However, user 520 has 
no access authority over usa* 550 (no horizontal access privilege), nor does 

15 user 520 have access autfiority over users 552 (lackii^ vertical commonality). 
A benefit of sudi organizations of key information is that access may be 
limited in an organized and restricted hierarrfr/, < For exanple, if somehow 
security is compromised in the middle branch of FIGURE 8, then the left and 
ri^t brandies are not conpromised 

20 A vast array of users may therefore be accommodated easily 

within the hierardiy shown in FIGURE 8 by dedicating access code words to 
each level. In one such embodiment, sixty-four (64) bits are allocated to the 
access code word describing 510 level, allowing 2^ unique codes at 510 level; 
sixty-four (64) bits are allocated to the access code word describing level 520, 

25 allowing 2^ unique codes at the 520 level; and sixty-four (64) bits are 

allocated to the access code word desoibing level 522, allowing 2^ unique 
codes at the 522 level. These bits may be stored on card 1 15 in dedicated 
registers and assigned by the security administrator during the authorization 
visit 

30 The horizontal sq3aration of users, rmy be easily attained by 

including an extra question in the list of queries posed and answered during 
the verification program execution. An answer could be predeteraiined which 
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would be common among all users in a common vertical group, and which 
would segregate them from other users in other vertical groups. For exanple, 
eadi individual vertical group would be identified by a unique, predetermined 
response to the same question. The response could be mapped to a binary 
5 number, vMch could serve as a consistent offset fcr purposes of generating 
the aecess <s€yde. For exatiple, if a question asked for a fkvoitite sport, the 
resporise "^If coidd be used by all members of a particular vertical group to 
identify ihek group. 

In one embodimoit of the pr^ent invention, fifteen (15) 

10 questions are med to identify the user, an extra question is used to identify 
the partiodar vertical brandi of tfie access tree the user resides. These 
questions are ^[^loyed to select the DES encryption keys avaflable to the ^- 
usCT. In iMs w^, the DES enoyption key questions serve as a fiarther 
randcmakaticm ^ the access code ii^cfa is user d^)endeiit ^ 

15 fesentidly, access infi>ilnation is distributed between tte i^er 

(in the preproparamed rraponses generated by that user), the card 115 ■ 
(pm^^dcmsasd vrfien the individual is given access authority), and RAM 260 %^ 
stored on card reader controller board 109. Therefore, in one embodiment of # 
the invention, the access code is a combination of the user, the card, and the 

20 conqsuter wWch the user uses. This provides for a hi^ level of security for 
the OTtare system, and requkes that die met be re-authorizied by the security 
admidistrator every time the user's access privileges are lost due to incorrect 
or improper attempted access. In this w^, security administrators can control 
the access att^iipts by the users since they are infomied each time a potential 

25 security breach is encountered; users must be re-authorized if the 

identification information in RAM 260 is destroyed by attenrpted unauthorized 
access. 

DESTRUCTION OF DATA 

Logical destraction of tile data resident on the various memory 
30 storage devices found on the con:5)uter system may be preprogrammed to 
occur after a fixed number of failed atten^Jted accesses (see FIGURE 7 
discussion of retry counter, step 758). In one embodiment, board 109 goes 
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fiirther and freezes the system bus 292 to prevent unauthorized retrieval of 
sensitive information following detection of a potential security breach. The 
data stored in hard drive 1 13 is logically destroyed vAicn the DES encryption 
key is erased since die key cannot be reconstructed by the intruder. 
5 Therefore, if the key information in RAM 260 is destroyed, it is equivalent to 
rendering the data stored in hard drive 1 13 logically destroyed, since without 
the encryption key it is undecipherable, hi one ^bodiment of tfie presoit 
invention, the DES key kernel information stored on RAM 260 is destroyed 
by clearing RAM 260 using an algorithm executed by processor 220 upon 

10 detection of atten^ted unauthorized access, or by grounding the power pin of 
RAM 260 using transistor circuit 210 as described in the section LOGICAL & 
PHYSICAL DESTRUCT HARDWARE, above. A fiirther hurdle requires that 
any user \^4iose card 115 is invalidated by unaudiorized access visit the 
secinity administrator to get their card reinstated Physical destruction of the 

15 data storage media is also possible by asserting physical destruct signal 212 
generated by control ASIC 230 under control of processor 220 in the event of 
a breach, triggerii^ destmct package 213 designed to pAyisically destroy the 
hard drive 113 and RAM 260. 



20 invention are also possible. In one embodiment, the selection of destruction 
means and the process by v^ch the destruction methods are invoked are 
programmed by altering the code in the internal ROM of p-ocessor 220 or by 
varying the value of retries allowable on the register of card 1 15. Therefore, 
one embodiment of the jiresent invention is not limiting and does not 

25 materially limit the scope of the present invention. 



facihtate physical mounting of the card reader and a resident hard drive. For 
example, a hard drive 1 13 can be co-located with a card reader 1 11 to form a 
30 single unit conprising a secured disk drive as shown in FIGURE 9. This 
mounting scheme illustrates only one of several possible embodiments of the 
mechanical mounting of the card reader receptacle 820 in the present 



Alternate embodiments of the destruction means of the present 



FIGURE 9 illustrates one embodiment of the present invention 
showing a card reader receptacle 820 mounted with a hard drive 810 to 
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invention. Other embodiments illustrating the mechanical mounting of card 
reader receptacle 820 are possible without materially nxKlifying the scope of 
the present invention. 

Those skilled in the art will readily see that the present 
invention offers several benefits over other devices includmg but not limited 
to tiie d)ility of one embodiment to provide three levels of con^niter security. 
For instance, one embodio^t of the present invention provides security in 
three distinct ways: 

(1) immediately averting control of the con^uter system upon 
imti^zation in the fcum of preboot protection, since the card reader interface 
board simulates the C: drive loader code beftsre an intradOT can intemipt the 
q^stan thereby imti^^y takes CDntrol of the CPU; 

(2) after preboot oontrol is aicquked a user venficafeon program is 
executed to ensure that tihe user is audioii23ed to access the conqxiter; and 

(3) ongoing monitoring of con^mter activity as the computer system is 
in use, to detect atten^ted unauthorized accesses using a bus address monitor 
and destroy SCTsitive program and mcrypticMi key information before an 
intruder can break into the system 

Those skilled in the at will readily appreciate diat the scope of 
the present invention is not restricted to securing personal computers, but may 
be extended to securing other types of conqjuter systems Qergsv or smaller) or 
specific pCTipherals of both small and large conputer S5^tems. Additionally, 
the present invention may be en5>loyed to secure the digital data stored on 
any system vsiiich stores SCTsitive digital informatioa 

The present invention discloses the use of die card reader 
interface board 109 in conjunction with hard drive 113. It should be apparent, 
however, that the same type of security could be ^Tplied advantageously to 
control the contents of other nonvolatile memory such as a corrpact disc (CD) 
ROM system, Personal Computer Memory Card International Association card 
(PCMCIA card), or streaming tape backup unit. Indeed, the present invention 
can be ^hed advantageously to control access to any peripheral wdiich could 
be connected to a con:q>uter system. For instance, the present invention could 
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be applied to secure subsections of mass storage devices, such as partitioned 
hard drives or PBX switches. Alternate encryption methods, larger or smaller 
data and address buses, alternate integrated circuit cards and readers, and 
modifications to the control algorithms enployed in the present invention may 
5 also be used without materially altering the scope and spirit of present 
invention. 



characteristics and advantages of the invention have been set forth in the 
foregoing description, together with details of the structure and function of the 
10 inivention, the disclosure is illustrative only, and dianges may be made in 
detail, especially matters of sh^^, size, and arrangement of parts within tfie 
principles of the invention, to the full extent indicated by the broad general 
meaning of the tem:^ in wWch the appended claims are expressed 



It is to be understood, however, that even thou^ numerous 
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What is claimed is: 

1. A method of operating a con^3uter, con^arising the steps of: 
a) prior to boot, ac;qiiiriiig control of the GPU; 

5 b) loading a verification program; 

c) veriiying that the user is authorized using tiie verification program; 

d) prohibiting aec^ to the computer if the user is not authorized; 

and 

e) providirg aec^ to the conqjirter if die user is authorized, 
10 conqmsing the steps of: 

1) monitoriiig bus accesses to detect if a user is attempting to 
read or write to an unaudiorizad peripheral; and 

2) desferoy^ n^moiy cont^n^ if unaiiterized attend at 
access detected. 

15 

2. A method of protectmg information stored in nonvolatile memory of a 
computer system havii^ a system bus, comprising the steps of: 

a) providing a plurality of sources of identification information for 
identifying an audiorized user; 
20 b) restrictii^ access to the con^puter system by the stqps of: 

1) performing preboot control of the c ompute r; 

2) loa£&^ a verification program; 

3) reading identification infomiation fiom the plurality of 
sources; 

25 4) coraparmg the identification information read fi-om the 

plurality of sources to verify the authoriz^on of the user; 
c) if the user is gn authorized user, providing access to the conputer 
by the steps of 

1) ^owi^ access to the computer system; 
30 2) constracting an encryption key fi-om the plurality of 

sources; and 
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3) encrypting the information stored in the nonvolatile 
memory using the constructed encryption key; and 
d) if the user is not authorized, freezing the system bus such that 
another attenpt to access the conputer system requires a powerdown 
to reset the computer system. 

3. The method according to claim 2, wherein the step of providing a 
plurality of sources includes the step of providing identification infomiation 
from an integrated circuit card, identification infomiation ixtpxA from a user, 
and identification information resident in the computer systan 

4. A mediod of protecting information stored in nonvolatile memory of a 
conputer system, the con^uter system having a central processing unit 
(CPU), the method comprising the steps of: 

a) providing a con5>uter system with an interface board with a 
residmt vaification program and a loader program for loading the verification 
program; 

b) restricting access to the nonvolatile memory, wherein the step of 
restricting access includes the steps of 

1) controlling the conputer system central processing unit 
(CPU) during initialiTation and prior to booting the computer, wiierein 
the step of controlling con^jrises the steps of 

a monitoring and storing BIOS calls made by the CPU 

during the loading of the verification program; 

b. initiating an initialization of the con^juter system; 

c. simulating a boot disk such that the CPU loads the 
loader program; 

d executing the loader program; 
e. loading the verification program; and 
f executing the verification program, wiierein said 
program verifies the identity of the user; and 
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2) if the user is verified as an authori2ed user, allowing access 
by the steps of: 

a providing access to the nonvolatile memory; 

b. booting tfie con^uter system from the nonvolatile 
5 memory, 

c. monitoring and storing BIOS calls itiade by the CPU 
durii^ the booting sti^; dud 

d. detects^ legic^ accuses which could conqjromise 
the security of isi&xms^aa st(m] in the nonvolatile i^iKMy, 
wherein tfie step of detecting logics acasses includes the stqjs 
of 

1. cooq^aro^ BIOS calls stored durii^ &e 
loading step wi^ BI(^ caHs gaierated during 4e ~ 
bootii^ st^ and V; . 

2. if BIOS cals do not match, fi-eezii^ the % 
system bus, requiring a pow^ cycle of the conrpiter f. - ? 
^'Stem to reset the coti^reit^ system. 

5. The method of claim 4, wherein the nrethod further con^Hises the 
steps of 

constructing a tmique enciyption key obtained firan a plurality of 
sources; and 

encr^^jtii^ information stored to fhe nonvolatile memory using the 
enayption fcey; 

ffljd wimem the step 4.2.d.2 of S-eezing the ^tem bus con^ses die 
step of logically destroying the data stored in the nonvolatile memory by 
destroying the encTypttoq key. 



15 



20 



25 



30 



6. The method of claim 4, wherein the step 4.2.d2 of fi-eezing the system 
bus coi^ses the step of physically destroying the nonvolatile memory, 
thereby destroying the data stored in the nonvolatile memcwy. 
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7. The method of claim 4 wherein the step of detecting unauthorized 
logical accesses conprises detecting unauthorized peripheral accesses. 

8. A secure connputer system for controlling a user's access to 

5 confidential information stored in nonvolatile memory, the system comprising: 

a) a system bus; 

b) a central processing unit (CPU); 

c) an identification card, containing identification information for 
identifying authorized users of the conputer system; 

10 d) a card reader for reading identification infomntation &om the 

identification card; and 

e) a card reader intwface, connected to the system bus, \^iierein the 
interfece operates to assume control of the CPU upon initialization of the 
corr^uter system, the inter&ce comprisii^ 
15 1) a dedicated data bus for communications with the 

nonvolatile memory; 

2) a dedicated data bus for communications with the card 
reader; 

3) a verification program to be executed by the CPU for 
20 limiting access to the nonvolatUe memory to only authorized users; 

4) a memory storage device for storing user-spedfic 
information; 

5) an encryption system \^4iich enaypts the data stored to tfie 
nonvolatile memory using an encryption key constructed firom data on 

25 the identification card, data in the memory storage device, and inputs 

fi-om the user; 

6) an input/output bus address monitor circuit for detecting 
attempts to bypass the verification program; and 

7) a nKmoiy CTasing circuit for destroying encryption key 
30 information stored in the memory storage device if an unauthorized 

access is detected by the interface. 
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9. A method for protecting infomiation stored in nonvolatile memory of a 
computer, the method con^rising the steps of: 

a) providing means for interfacing an infomiation bearing card to the 
conputer; 

5 b) storing individualized questions and answers which uniquely 

identify a user on the iitformation bearing card; 

c) readk^ identification infoF^itation and card information from the 
inforraation bearing card; 

d) executing a verification routine i^n initialization in order to 
10 determine \^iiether the user is audiorized to gain access to the protected 

information stored in the ncmvol^e memory, wherein the verification routine 
coaipfis^ asking ^e user liie ifKiiviihiali2)ed questions and con^^aring answers 
received £^ainst the stored mswers; and 

e) if ^ iser correctly answi^ the qiitestiom, permittiDg access to 

15 portions of the protected information stored in the nonvolatile memory. 1^ 

10. The me&od according to daim 9, fintiiCT corrqjrising the step of: if the 
usa* does not correctly answer tfie questions, fireezing the conputer and 
requirii^ that the conputo- power be c^led to reset the con^futff. i 



20 



25 



11. The me&od according to daim 9 fiirther con^msing the step of 
programming the information bearing card with individualized access privilege 
infom^on to identify which nonvolatile memory devices the user is 
privileged to access. 



12. The method according to claim 9, vdierein the step of permitting 
access con^ses the st^ of 

a) verifying that the user is privileged to access the information stored 
in a first stor^ device; and 
30 b) if the user is privileged to access the infoni^on stored in the first 

storage device, permitting access to the protected information stored on the 
first storage device. 
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13. The method according to claim 1 1 finther conprising the step of if the 
user attempts to access information from an ur^>rivileged storage device, 
freezing the con^niter and forcing the user to reset the computer system and 
begin authorization verification again. 

5 

14. The method according to claim 9, wherein the step of reading fiirther 
conqmses the step of: incrementing a retry counter if the user incorrecdy 
answers a question, and waiting for a subsequent user response if the retry 
counter has not reached a predetermined value, otherwise teraiinating the 

10 authorization procedure. 

15. The method according to claim 9, vs4ierein the step of reading fiirther 
compises the steps of: 

a) reading a card identification code from the card indicating card 

15 type; 

b) detemiining a card type from the card identification code; and 

c) if the card is a maintenance card, allowing a user access to the 
conputer for maintraance purposes, without allowing jaccess to the nonvolatile 
memory of the connputer. 

20 

16. A secure conqjuter providing ft>r the COTtroUed access of internal 
devices via a card reader, the con^niter conqmsing: 

a user input device; 

a card reader; 
25 a screen display; 

a central processing unit (CPU); 

a device containing non-volatile CPU program code; 

a CPU system boot ROM; 

a plurality of peripheral devices; 
30 a system data bus; 
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a microprocessor for writing and reading information to and from a 
card placed in the card reader, the microprocessor and the CPU 
connected through a dedicated H^ ta bus; 
an encryption engine; 
5 a volatile memory device for storing data retrieved from the card by 

the microprocessor; 

said GPU system boot iOvl inchiding code for instructir^ the CPU to 
smt executii^ ^ CPU prqgnam code in the device so that the CPU 
program code in the device takes over control of the CPU, so that 
10 i^n a jxnver-up, dear, or wami-boot reset of the coraputer the CPU 

program code in the device obtains control of flie CPU; and 

said GPU r^xHKive to s^d GPU program code, to perform an 
w^odwtaaa veiiBi^on pno^&ire ooEnprisii^ the steps of: 

a) kstfiKStiEg Ike ^^cnoproeessor to read a mrd placed in 
15 the card ri^da;- fey a user aiid obtaki at least one 

question from a list of questions stored in the card; 

b) displ^yii^ Ae question to the user on the screen display, ^* 
and w^ting for a response from ti:^ user on the ir^ut ^ 
device; 

20 c) passii^ the i^ponse to tiie micropnx^essor and the 

microprocessor coiTf>arir^ at least om user response to 
a list of correct answers stored on the card; 

d) receiving the r^idts of flie con^arison by the 
microprocssor and dlovm^ access to the computer if at 

25 least one user re^xaise matches a corresponcKng correct 

answer; 

e) generating an encryption key from data on the card data 
stored in the volatile memory device, and responses 
received by the user; and 

30 f) encrypting all data stored to the plurality of peripherals 

using the encryption key. 
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17. The corrputer of claim 16 further con^jrising: 

a security circuit for nx>nitoring attempted unauthorized accesses of the 
conputer; and 

a logical destmct circuit, connected to the security circuit, for 
5 destroying data in the volatile memory device if unauthorized access is 
detected by at least one of the microprocessor and the security circuit; 
and wherein the microprocessor perfomis the steps conqTrising: 

monitoring and stmng CPU BIOS routine calls during the 
authorization verification procedure; 
10 monitoring and conparing the CPU BIOS routine calls during 

the rebooting process to detect control of the system data bus by 
another program; and 

if the BIOS calls stored during the authorization verification 
procedure do not match the BIOS calls monitored during the rebooting 
15 process, then logically destroying the data in the volatile memory 

device; and 

v^erein the GPU performs the additional step of incrementing 
the value of a retry counter if the user incorrectly answers a question, 
and waiting for a subsequent user response if the value of the retry 
20 counter is less than a predetermined value, otherwise terminating the 

authorization procedure. 



18. TTie con^nrter of claim 17 wiierein the conputer fiirther con^ses one 
or more physical destmct mechanisms logically connected to the 
25 microprocessor for physically destroying data on at least one of the plurality 
of peripheral devices. 



19. The conputer of claim 17 fiirther conprising a physical destmct 
output and pAiysical destmct package, the output for triggering the physical 
30 destruction of the secure con^juter by computer control upon detected 
atten^ted unauthorized access. 
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20. The computer of claim 17 wiierein flie key information is generated 
from data stored on the card^ in the volatile memory device, and from 
responses entered in by a user during the verification procedure. 
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rization is verified, the card reader inieifacc 
permits the user to access the encrypted data. 
Otherwise, the user is denied access to the 
data by one or more of the following meth- 
ods: freezing the system bus, and reqhiring 
the user to reset the computer and re-enter 
the verification program; logically destroy- 
ing the data in the data storage devices; and 
physically destroying the data storage de- 
vices. 
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